The target – configuring your target web applications
In all of our tests, we will be using the Kali Linux installation we previously set up as the client side. In order to cover the cases previously described in this book (web application and IoT devices), we need multiple target configurations.
First, we will show how to set up the VM that will be used as a testing target for web application-based SQL injection attacks, by using the web applications included in the OWASP BWA VM. In this case, the setup is quite simple and linear.
Download the latest version of the OWASP BWA VM from the official OWASP website by following the link to Sourceforge, as reported on the OWASP BWA main page:
https://sourceforge.net/projects/owaspbwa/files/
Unfortunately, in these last months, the OWASP BWA main page has been migrated to another platform, so it is only accessible as a poorly formatted page, awaiting to be moved to the new platform. You can find it at this URL: